The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of Ubuntu

vulnerability announce CVE-2018-16864 CVE-2018-16865

systemd: memory corruption via alloca

Synthesis of the vulnerability

An attacker can trigger a memory corruption via alloca() of systemd, in order to trigger a denial of service, and possibly to run code.
Impacted products: Debian, McAfee Web Gateway, openSUSE Leap, Oracle Communications, RHEL, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Consequences: administrator access/rights, denial of service on service.
Provenance: user shell.
Number of vulnerabilities in this bulletin: 2.
Creation date: 10/01/2019.
Revision date: 10/05/2019.
Identifiers: cpuapr2019, CVE-2018-16864, CVE-2018-16865, DLA-1639-1, DSA-4367-1, DSA-4367-2, openSUSE-SU-2019:0097-1, openSUSE-SU-2019:0098-1, RHSA-2019:0049-01, RHSA-2019:0204-01, SB10276, SUSE-SU-2019:0053-1, SUSE-SU-2019:0054-1, SUSE-SU-2019:0054-2, SUSE-SU-2019:0135-1, SUSE-SU-2019:0137-1, USN-3855-1, VIGILANCE-VUL-28232.

Description of the vulnerability

An attacker can trigger a memory corruption via alloca() of systemd, in order to trigger a denial of service, and possibly to run code.

computer vulnerability announce CVE-2018-16866

systemd: out-of-bounds memory reading via Colon Log Messages

Synthesis of the vulnerability

An attacker can force a read at an invalid address via Colon Log Messages of systemd, in order to trigger a denial of service, or to obtain sensitive information.
Impacted products: Debian, openSUSE Leap, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Consequences: data reading, denial of service on service, denial of service on client.
Provenance: user shell.
Creation date: 14/01/2019.
Revision date: 10/05/2019.
Identifiers: CVE-2018-16866, DSA-4367-1, DSA-4367-2, openSUSE-SU-2019:0097-1, openSUSE-SU-2019:0098-1, SUSE-SU-2019:0135-1, SUSE-SU-2019:0137-1, USN-3855-1, VIGILANCE-VUL-28257.

Description of the vulnerability

An attacker can force a read at an invalid address via Colon Log Messages of systemd, in order to trigger a denial of service, or to obtain sensitive information.

computer vulnerability note CVE-2019-11683

Linux kernel: denial of service via UDP

Synthesis of the vulnerability

An attacker can send UDP packets without payload to the Linux kernel, in order to trigger a denial of service.
Impacted products: Fedora, Linux, Ubuntu.
Severity: 1/4.
Consequences: denial of service on server, denial of service on service.
Provenance: intranet client.
Creation date: 03/05/2019.
Identifiers: CVE-2019-11683, FEDORA-2019-5b76e711b3, USN-3979-1, VIGILANCE-VUL-29219.

Description of the vulnerability

An attacker can send UDP packets without payload to the Linux kernel, in order to trigger a denial of service.

vulnerability note CVE-2018-12020

GnuPG: creation of fake status messages

Synthesis of the vulnerability

An attacker can create fake status messages in GnuPG, in order to deceive the victim.
Impacted products: Debian, Fedora, GnuPG, Junos Space, openSUSE Leap, Solaris, RHEL, Slackware, SUSE Linux Enterprise Desktop, SLES, Ubuntu, Unix (platform) ~ not comprehensive.
Severity: 2/4.
Consequences: data reading, data creation/edition.
Provenance: document.
Creation date: 08/06/2018.
Revision date: 02/05/2019.
Identifiers: bulletinjul2018, CVE-2018-12020, DSA-4222-1, DSA-4223-1, FEDORA-2018-4ef71d3525, FEDORA-2018-69780fc4d7, FEDORA-2018-a4e13742b4, JSA10917, openSUSE-SU-2018:1706-1, openSUSE-SU-2018:1708-1, openSUSE-SU-2018:1722-1, openSUSE-SU-2018:1724-1, RHSA-2018:2180-01, RHSA-2018:2181-01, SSA:2018-159-01, SSA:2018-170-01, SUSE-SU-2018:1696-1, SUSE-SU-2018:1698-1, SUSE-SU-2018:2243-1, T4012, USN-3675-1, USN-3675-2, USN-3675-3, USN-3964-1, VIGILANCE-VUL-26364.

Description of the vulnerability

An attacker can create fake status messages in GnuPG, in order to deceive the victim.

computer vulnerability bulletin CVE-2019-11596

Memcached: denial of service

Synthesis of the vulnerability

An attacker can send malicious packets to Memcached, in order to trigger a denial of service.
Impacted products: Fedora, Ubuntu.
Severity: 1/4.
Consequences: denial of service on server, denial of service on service.
Provenance: intranet client.
Creation date: 02/05/2019.
Identifiers: CVE-2019-11596, FEDORA-2019-2bd8e73268, FEDORA-2019-df4c0ba2db, USN-3963-1, VIGILANCE-VUL-29178.

Description of the vulnerability

An attacker can send malicious packets to Memcached, in order to trigger a denial of service.

computer vulnerability alert CVE-2019-11498

WavPack: denial of service via DFF files

Synthesis of the vulnerability

An attacker can trigger a fatal error in WavPack via DFF files, in order to trigger a denial of service.
Impacted products: Ubuntu.
Severity: 1/4.
Consequences: denial of service on server, denial of service on service, denial of service on client.
Provenance: document.
Creation date: 30/04/2019.
Identifiers: CVE-2019-11498, USN-3960-1, VIGILANCE-VUL-29166.

Description of the vulnerability

An attacker can trigger a fatal error in WavPack via DFF files, in order to trigger a denial of service.

vulnerability alert CVE-2019-11459

evince: information disclosure

Synthesis of the vulnerability

An attacker can bypass access restrictions to data of evince, in order to obtain sensitive information.
Impacted products: Ubuntu.
Severity: 1/4.
Consequences: data reading.
Provenance: document.
Creation date: 30/04/2019.
Identifiers: CVE-2019-11459, USN-3959-1, VIGILANCE-VUL-29161.

Description of the vulnerability

An attacker can bypass access restrictions to data of evince, in order to obtain sensitive information.

computer vulnerability bulletin CVE-2019-9928

gst-plugins-base: buffer overflow

Synthesis of the vulnerability

An attacker can trigger a buffer overflow of gst-plugins-base, in order to trigger a denial of service, and possibly to run code.
Impacted products: Debian, Ubuntu.
Severity: 1/4.
Consequences: user access/rights, denial of service on client.
Provenance: internet server.
Creation date: 29/04/2019.
Identifiers: CVE-2019-9928, DLA-1769-1, DLA-1770-1, DSA-4437-1, USN-3958-1, VIGILANCE-VUL-29148.

Description of the vulnerability

An attacker can trigger a buffer overflow of gst-plugins-base, in order to trigger a denial of service, and possibly to run code.

computer vulnerability note CVE-2018-5743

ISC BIND: measure against denial of service ineffective

Synthesis of the vulnerability

An attacker can bypass the limit on the number of simultaneous TCP connections to ISC BIND, in order to trigger a denial of service.
Impacted products: Debian, BIG-IP Hardware, TMOS, BIND, RHEL, Slackware, Synology DSM, Ubuntu.
Severity: 1/4.
Consequences: denial of service on server, denial of service on service.
Provenance: internet client.
Creation date: 25/04/2019.
Identifiers: CERTFR-2019-AVI-187, CVE-2018-5743, DSA-4440-1, K74009656, RHSA-2019:1145-01, SSA:2019-116-01, Synology-SA-19:20, USN-3956-1, USN-3956-2, VIGILANCE-VUL-29129.

Description of the vulnerability

An attacker can bypass the limit on the number of simultaneous TCP connections to ISC BIND, in order to trigger a denial of service.

computer vulnerability bulletin CVE-2019-9500 CVE-2019-9503

Linux kernel: buffer overflow via brcmf_wowl_nd_results

Synthesis of the vulnerability

An attacker can trigger a buffer overflow via brcmf_wowl_nd_results() of the Linux kernel, in order to trigger a denial of service, and possibly to run code.
Impacted products: Fedora, Linux, openSUSE Leap, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 1/4.
Consequences: administrator access/rights, privileged access/rights, user access/rights, denial of service on server, denial of service on service, denial of service on client.
Provenance: radio connection.
Number of vulnerabilities in this bulletin: 2.
Creation date: 25/04/2019.
Identifiers: CERTFR-2019-AVI-211, CERTFR-2019-AVI-212, CERTFR-2019-AVI-233, CVE-2019-9500, CVE-2019-9503, FEDORA-2019-1b986880ea, FEDORA-2019-1e8a4c6958, FEDORA-2019-8219efa9f6, FEDORA-2019-87d807d7cb, openSUSE-SU-2019:1404-1, openSUSE-SU-2019:1407-1, SUSE-SU-2019:1240-1, SUSE-SU-2019:1241-1, SUSE-SU-2019:1242-1, SUSE-SU-2019:1244-1, SUSE-SU-2019:1245-1, SUSE-SU-2019:1287-1, SUSE-SU-2019:1289-1, USN-3979-1, USN-3980-1, USN-3981-1, USN-3981-2, VIGILANCE-VUL-29128, VU#166939.

Description of the vulnerability

An attacker can trigger a buffer overflow via brcmf_wowl_nd_results() of the Linux kernel, in order to trigger a denial of service, and possibly to run code.